tolelom
423e2832a0
- 5개 핸들러 err.Error() → 제네릭 메시지 (Login, Refresh, SSAFY, Ticket, BossRaid) - Redis context.Background() → WithTimeout 5s (10곳) - SprintMultiplier 범위 검증 추가 - 방어적 문서화 (SSAFY 충돌, zip bomb, body limit prefix, 로그 주입) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
31 lines
988 B
Go
31 lines
988 B
Go
package middleware
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
)
|
|
|
|
// BodyLimit rejects requests whose Content-Length header exceeds maxBytes.
|
|
// NOTE: Only checks Content-Length header. Chunked requests without Content-Length
|
|
// bypass this check. Fiber's global BodyLimit provides the final safety net.
|
|
// Paths matching any of the excludePrefixes are skipped (e.g. upload endpoints
|
|
// that legitimately need the global 4GB limit).
|
|
// NOTE: excludePrefixes uses HasPrefix matching. Ensure no unintended
|
|
// routes share the same prefix as upload endpoints.
|
|
func BodyLimit(maxBytes int, excludePrefixes ...string) fiber.Handler {
|
|
return func(c *fiber.Ctx) error {
|
|
for _, prefix := range excludePrefixes {
|
|
if strings.HasPrefix(c.Path(), prefix) {
|
|
return c.Next()
|
|
}
|
|
}
|
|
if c.Request().Header.ContentLength() > maxBytes {
|
|
return c.Status(fiber.StatusRequestEntityTooLarge).JSON(fiber.Map{
|
|
"error": "요청이 너무 큽니다",
|
|
})
|
|
}
|
|
return c.Next()
|
|
}
|
|
}
|